Windows Antivirus Pro is a rogue anti-virus program trying to capitalize on the fame of Microsoft. The trick is rather old and, evidently, rather effective. This parasite uses trojans, such as Vundo, to enter the system, although it can also be downloaded and installed manually. Windows Antivirus Pro relies on intimidating advertising to trick users into purchasing its “licensed version”, which is no more functional than the trial.
Upon entering the system, Windows Antivirus Pro begins it’s campaign of disinformation. There are a few key parts: 1) popups and fake system notifications, which claim that the system is infected and link straight to the purchase page, and 2) simulated system scans, which produce results that are spiced up with all sorts of (non-existent) viral threats. Windows Antivirus Pro shows false positives – legitimate files labeled as threats. Deleting these might not only prove useless, but can occasionally deal some serious damage to the system. In addition to these annoying features, Windows Antivirus Pro will also slow down the system.
Windows Antivirus Pro is a scam and should be treated as such: do NOT download or buy it and block it’s homepage using your HOSTS file.
Automatic Malware removal tools
(Win)
Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,
(Mac)
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
This one is absoultely horrible! It prevents me from accessing anything on my computer and has even corrupted the system restore function. I can’t open my regular anti-virus software and even getting into the control panel is hit and miss (it took me nearly an hour to sneak in and perform a system restore). I have no idea what to do about this other than take it in and, hopefully, have it removed by a professional.
Hey Sarah,
first of all, you must end two processes that are related with Windows Antivirus Pro and apparently blocks just about everything on your computer. So, open the Task Manager, put a checkmark in the checkbox labeled “Show processes from all users”, select “Processes” tab and find the following processes:
1) Windows Antivirus Pro.exe
2) svchast.exe (Important! do not terminate svchost.exe)
Terminate the above processes by clicking “End Process” button. Now you should be able to download Spyware Doctor (press blue download button below Windows Antivirus Pro description). Close all programs and windows. Install, Spyware Doctor and scan your computer. Remove found infections.
Good luck!
@ignas
What if it wont let you open taskmanager
Then you have to download and run this file:
http://www.2-viruses.com/wp-content/uploads/task-manager-fix.reg
For Firefox users: go to File->Save Page As..
Save as type: “All files” and press Save button.
I can open task manager, but I click end process and it says access denied.
Now what?
Thanks,
I download spyware doc and if I save to the desktop I can’t open it. If I download it to open, it disappears.
It’s gone to the add/delete programs and corrupted that. It seems to have all it’s bases covered.
Then use KillBox from http://killbox.net instead of Task Manager. Open KillBox, select “Processes” and End the following processes:
1) Windows Antivirus Pro.exe
2) svchast.exe
3) ANTI_files.exe
4) dbsinit.exe
5) desot.exe
Then, you should be able to run Spyware Doctor.
If my machine is infected with Windows Antivirus Pro why can i not see any of the process files,
Windows Antivirus Pro.exe
svchast.exe
ANTI_files.exe
dbsinit.exe
desot.exe, under task manager?
I have run spyware doctor several times, each time it finds the issue and I “correct it”. However after each restart of the computer the issue is back and I have the “anti virus” pop ups on the screen and i have to scramble to stop them before my computer is rendered unusable. What am I missing 🙁
Don :
Each infection might be a bit different depending on stages and trojans used. If you can’t find the files, delete ones you find.
Sarah : probably it is a new trojan downloader in the mix, or a rootkit. Have you updated your spyware doctor deffinitions? If so, you can try malwarebytes anti-malware free edition, it uses a bit different approach on detecting parasites and might find some trojans that spyware doctor cant (or vice versa) http://www.malwarebytes.org.
Whenever I try to download anything at all, Microsoft Antivirus Pro stops it. What can I do? I can’t even access “Add or Remove Programs”
Hey, I just wanted to say thanks!!!!!!! I had to do some work in safe mode, but after many HOURS of search and destroy, I finally got the upper hand… Seriously, this one was a pain in the “A”!
I also got delete happy in my searches, and took out some registry stuff that I actually needed… OOPS, but I was able to download the registry again, after doing a google search of the ENTIRE run32.dll path that I took out… Just a heads up to other delete happy people.
Hope posting this is cool:
http://www.dougknox.com/xp/file_assoc.htm
Also, forgot to mention. That it *MIGHT* save you some time by deleting the entire C:\WINDOWS\images folder… Most/All the .gif files are located in there.. But it would still be safer to view the folder with details and compare it to the list above.
~Junior
I think I just solved this with Spyware Doctor, but the virus was a beast. It had previously wiped my McAfee out — and wasn’t simple even with the Spyware Doctor, as the virus interfered with scans, etc. Eventually I killed it.
I’m just writing because I hadn’t noticed certain “SKYNET” files above that I think I had to take action against before I was successful. There were 4 files with “SKYNET” (2 .dll, 2 .dat) in the System32 directory. For instance, one file was
\system32\SKYNETbwtxyexu.dll … I could not delete the dll (“not authorized”), so renamed the 2 .dlls (I could delete the 2 dat files). Then I rebooted and my processes worked to completion for the first time. Btw, I noted the file DATES were all very recent (since the time I believe my computer was infected).
Well, hope it may help someone out. I imagine the versions are morphing.
Note: I’m no a computer guy by any means, so I offer it only as I think it helped here. Someone else may disagree who knows more than I do.
i still cannot get my computer to do anything because of windows antivirus pro. Cannot get any thing to download goes to black screen for 3 seconds then back to nothing. I even bought Nortons 360 and tried to load with cd and will not open. when I try some of the tihings in here all it does is send me to a notebook.. do’t know whow to preceed.
i still cannot get my pc start. After loging in it is showing black screen and only have access to Task Manager. I tried to start explorer.exe to get the screen back so that i could delete the files listed but when i try to start it a console app (desot.exe) comes and kills the processs. Please help me how to start my pc
Hey, just got this f**** bug but one way I got around not being able to run exe’s is to change the name to a .pif extensions so instead of superantispyware.exe just name it game.pif and voila you can start the executable. I was able to do this after killing the
1) Windows Antivirus Pro.exe
2) svchast.exe (Important! do not terminate svchost.exe)
(thanks ignas)
I have my superanti running right not, if that don’t work I’ll try spybot and antimalewarebytes. I’m hoping that one of or all of the three can crush it. If you don’t see me back here that means it worked otherwise I’ll be back.
@Jon
Jon is a genius. Kill svchast.exe, mine wasn’t showing WAP running in task manager, but then change file extensions to pif and your stuff works again. I haven’t killed it yet, but now I have a fighting chance. Thanks, Jon.
Hey, got rid of it!!! Spybot and superanti didn’t do it but, just run malwarebytes and you’ll be good to go!
Jon : SpyBot does a poor job with never parasites nowdays, though no spyware remover is 100% against all parasites. Try Spyware Doctor scanner to check if something is left.
Help! I have the windows antivirus pro, my desktop is completely missing. I’ve tried running “explorer.exe” from task manager and my desktop still doesn’t show. I’ve killed the svchast process. and I realized that everytime I try to open any of my antivirus, I see a “desot.exe” pop up under processes and then goes away- which I would assume it means that the virus or whatever is “working” to kill my antivirus. I’ve also tried system restore hoping I would get my desktop back but to no avail. I dunno what to do!
@Jon
How do you change the name to a .pif file extension? I tried renaming the file on the c drive, but it still won’t run… Is there a different way that you’re talking about?
OMG This thing has totally screwed up my pc! I cant get anything to download and it wont let me access my anti-virus software! When I tried to log into my online bank, the normal page came up but it asked for my FULL password and card details then underneath it said we will NEVER ask for your full password! This thing has even managed to edit the natwest homepage! When I go through task manager, the processes mentioned are not there, do you know any other file names they could be using? Thanks! xx
I can’t get to a starting point with this one as I can open task manager but I do not see any of the processes listed and I can’ open any programs.
When you download the spy doc it says that you have to buy it to fix the problems?? I thought it was free? Is there a free one?
Lisa: try to look for a processes with weird names under your username. Some trojans change filenames to confuse users. Though most often they fail to confuse spyware removers.
This virus is terrible! I don’t know what to do first! I’m totally inept with computers as it is so I need some help. Where do I start first? I cannot access anything without the Windows Antivirus Pro (scam) popping up.
Suggestions workled great. The registry locations were killed and program disappeared from PC. Thanks.
I didn’t download it. The window just appeared yesterday. I knew it was a scam immediately and shut down my internet connection. IT CRASHED MY COMPUTER THEN BOOTED TO A SOLID BLACK SCREEN! I figured out that if you open Win task manager, select “New Task”, then “Browse”, then RIGHT click on a folder and choose explore and my windows pops up. Win anti-virus pro also blocked opening new programs BUT it did NOT block me from opening files using the same method. I right clicked on a text file and choose to open it with firefox which started firefox. Here I am now, investigating the problem and getting fixes. Are these idiots in prison?
@Chad
P.S. The link for “Spyware Doctor” on this page does the same thing. It finds the problems, maybe, then you must purchase it to get anything done. ARE THEY IN CAHOOTS?
@Jon – how were you able to run Malwarebytes? It stops it on my friends pc
Chad : Spyware Doctor is legitimate. It actually removes malware, differently from Windows Antivirus pro. If you want free tools, expect them either without real time protection (Malwarebytes anti-malware), some limits on removable malware (Super anti-Spyware) or updated sporadically (Spybot). You can google more info about Spyware Doctor. Also, You can always use manual removal instructions.
Btw, it is a good thing to have a legitimate anti-spyware program installed, as well as anti-virus. It keeps such problems away.
Gary : You got a different strain of trojans installed, probably. However, try to rename malwarebytes executable to something else and run it.
I’ve got this thing; here is my scenerio:
Computer logs into Windows, but all desktop icons are gone, as is Start button. Task Manager doesn’t work, nothing. All I have is my desktop wallpaper and the Antivirus Pro window.
I’ve tried Saft Mode and Safe Mode with Networking, but neither work, they just send me back to the Advanced Config menu.
“Last Good Configuration” only takes me back to the blank desktop with the virus program window.
I am at a loss — can ANYONE help me out here????? PLEASE!!!!!
ok i have tried everything even in safe mode and when i am in safe mode and try to use task manager it says it has been disabled by administrator any ideas so i cant manually remove this pain in the fruckus lol
If they are collecting payments, what is the address of this spyware?
Why isn’t someone knocking on their door?
http://www.2-viruses.com/wp-content/uploads/task-manager-fix.reg here is a fix for registry to enable task manager.
They use bogus addresses and probably are shielding themselves with companies in some 3-rd world country that only collects payments and transfers them to malware manufacturers.
@admin
ok but if you provide one we must pay for that will work but do not provide with a free spyware program that will work as well t does paint a clear picture that you have some form of agreement with spyware doctor to sling there product.
Stryke: I do no recommend any product that I do not believe in it 🙂 I have bad experience with so called “free removers”. For example, last time I tested Spybot for particular parasite, it was updated 1 month after the parasite appeared. I have to repeat: They are not bad products, but I have seen them fail more often than Spyware Doctor and its support.
I can’t get into task manager. How do I get around this? The link http://www.2-viruses.com/wp-content/uploads/task-manager-fix.reg put an icon on my desktop but I can’t run it b/c my administrator denied it.
Okay I have tried everything!! I even bought the Spyware Doctor. It showed the Windows Pro and deleted so I thought! I then started having problems with my browers redirecting me. I thought it was the Google virus which every where I look says Spyware Doctor should get. So I download Spyhunters and it finds Windows Pro yet again. I manually find the registrys and some of the files and delete. None of the process are showing in my task Manager. Right after Spy hunters finds the problem it gets shut down along with Malwarebytes and Avast and a ton of other Antivirus programs!! I have tried a ton!!! I can’t seem to find the problem and wondering now if my only fix is to reformat. Thanks for you help!!
Greg: Are you on vista? You need to run it under administrator account.
Sheri: I think you got a serious security hole in your system, probably a new rootkit. Try updating and running Spyware Doctor again. Have you updated your Windows as well? Now to prevent stopping anti-viruses, rename their executables to something else and try to launch them then.
My fiance’s computer contracted AVP 2009 last night and it was rough. It immediately prevented me from connecting to the Internet and I ran the free version of AVG and it found a few trojan viruses but was unable to heal or quarantine them. I took another approach and used my computer to download malwarebytes, loaded it onto a cd and installed it on her computer. It initially would not allow me to run but I just changed the name of the file, ran it, and after about 2 hours found it and squashed it. It did a little damage to her browsers (both firefox and IE). However, I ran the diagnostic for both and after quick restart it was good as new. Hopefully it got it all. Hope this helps!!!
Wessman83: AVG has no rootkit protection as far as I know, which is a must nowdays. No wonder you had such problems. You should get either better anti-virus or good anti-spyware with permanent protection for your wife :). Malwarebytes anti-malware paid version has such module, though I have better experiences with spyware doctor.
Hi admin,
I’ve purchased the Spyware Doctor like you suggested, and it seemed to have caught the windows antivirus pro virus, but my system is still showing symptoms of the virus. I can open windows task manager, but I dont have any of the files that were mentioned above (Windows Antivirus Pro.exe, svchast.exe, ANTI_files.exe, dbsinit.exe, desot.exe). Are there other files I should look for?
I also downloaded Malwarebytes and renamed it but it still wont run. Are there any other steps I can do?
Thank you!
Brooke : Have you updated spyware doctor? If not, run the updates. Typically, there are couple trojans in the system, infected with such rogue parasites. Spyware Doctor might missed some on first go and might need an update.
Got a stubborn one. Has WAVP and I suspect something else as I can’t get to Add/Remove, no folders in C:/Program Files/ that are anything close to Windows Antivirus Pro, downloaded several Spyware programs but the system won’t let me run them as all I get is a DOS box flashes and is gone. This system is XP Home. I can access Task Manager but only a couple strange files which I ended and no change. I also tried booting into safe mode and it blue screened and even when moving some files to back up, when I inserted a flash drive it gave me a blue screen again. As I mentioned, I suspect that they have got something else in addition to Windows Antivirus Pro, but when I can’t run anything, I am stuck. Been repairing PC’s for 15 years and never had one that is so complicated. Can’t run regedit or msconfig, nothing.
Any suggestions would be greatly appreciated.
Ken : Check associations for exe, sometimes they associate them to run through debuger. You might need to prepare a specific .reg and execute it on infected Pc
We noticed WAVP pop-ups last night. It would continually reboot our machine if we didn’t go to the page requesting payment for their bogus program. I found WAVP in my Add/Remove programs menu, and uninstalled it that way. Then I ran a full Norton Anti-virus scan and it found and deleted 8 WAVP files.
So far, it hasn’t come back, and the computer seems to be running fine.
After many hrs I was able to download Spyware Doctor but had to go into safe mode to get rid of “Windows Police Pro”
BUT I still get “Windows Antiviurus Pro” blocking me from the Internet. This is so frustrating!! I upgraded to the Spyware Doctor AntiVirus but can’t down load it and the “Smart Update” doesn’t work..
What am I doing wrong? I just want ot get rid of “Windows Antiviurus Pro”
Ok, here’s my problem. I could only locate one of the files listed in all of that text above. and yes i read it ALL. I have nothing in the task manager, nothing in the system32, nothing from any of the anti-spywware programs, and the Windows AntivirusPro window keeps poping up. And yes, I ran all the updates that my computer allowed me to for everything.
Im out of ideas 😛
ok, that last emote came out wrong… it was supposed to be a frowny face.
Check proxy settings, paulina. It might be there is a proxy set up in your browser.
Also, check your hosts file.
how do i reinstall window antivirus pro on my computer. please send me the steps. thank you
Hey
I can’t use my antivirus software (i downloaded the ones that were recommended) and i can’t find any of the files listed above.When i search for the program or the files, none can be found. Are there any other names the virus can use?
I read all of the previous posts but the suggestions don’t work for me and/or i don’t know how to do it.
I’m not good with computers, so whatever the suggestion, if you could give me the basic steps it would be appreciated!
Please help, i really don’t know what to do.
chris : you should go with first step of manual instructions. Stop virus processes (if your version of trojans differ, you will have to look up all processes under your user in the web, and stop ones you can’t find).
Then download remover, it should work.
What do you mean by looking up all processes under my user? and stopping the ones i can’t find?
Google for each process name, Chris. We list most common process names for this parasite and related trojans, but sometimes they change the names. If you can’t find on internet a legitimate program that uses same process name, then you can stop that process.
Thanks!!!!
Finally got ride of it
😀
rogxsysguard.exe
Removing this process aided in removing windows anti virus pro. I still had to scan with malwarebytes but I stopped getting fake alerts and the virus pro icon went away after i ended this process.
I have managed to get my laptop working by loading superantispyware to a memory stick via another PC and running the program from the memory stick. It got reid of the false security alerts and I am now able to access files and e-mail. However I am still unable to open a web browser. Any ideas?
Brendan : Check your registry for your browser executable name. Some viruses mess with registry so you execute completely different program when you try to execute explorer, firefox or other program.
I have the Win Antivirus Pro crap on my laptop. It has blocked everything and has now gone to the point of launching the internet to porno sites and viagra ads! NICE right? I am only able to run any program as long as once my desktop appears after rebooting my machine, I double-click on the program to run immediately before WAP stops me. I was able to run malwarebytes and mcafee. Malwarebytes found and quarantined a total of 9 files and mcafee found nothing. None of what was found stopped WAP! I used the file above to access task manager and none of the associated processes or files are listed (i.e. Windows AntivirusPro.exe and svchast.exe, etc…). I searched for all the files on my system and found nothing. I got rid of this horrible thing about 3 months ago but those files were listed so it was easy. This time is ridiculous! HELP!
Laura: these change process names more or less randomly. Try looking for sysguard.exe, also check all processes run under your user in google – if it is not legitimate process, stop it.
Also… have you updated malwarebytes? Have you tried other removers, like Spyware Doctor? The problem is Malwarebytes free version does not give real time protection and updates are manual… so if it is single anti-malware, users get reinfected often.
ive tried every suggestion but i still cant open task manager to kill the processes. i can get it to open but only for a split second and then itll be closed by windows antivirus pro. i really need help with this first step!
I got rid of it by booting to safe mode with networking, and using Malwarebytes Anti-Malware
Hey all.. I’ve working on a friends laptop and This Win AV pro virus is massive and mean. I have been using A-Squared Free version 4.5 with updated Trojan/Sig/Trace files and so far I’ve found windows police pro and win AV pro trojans and downloaders. another progran I have used is JV16 powertools which is an old freeware program I’ve used with win 98, ME, XP pro and XP home. One thing I’ve found with this is if a progran won’t open, run or install, got to C: program files, find the program to open, right click on the exe file and click run as, below the user, uncheck the box that says prevent programs or protect, then the files will usually run or install. It works in Windows also. I had to use that method to install both JV16 A-Squared free from a memory stick. I’m not done yet but so A-Squared A2 free has found abound 10 high risk trojans out of 35 infected files.
Here’s my findings on our Vista system. My wife’s computer got hit with this this morning. I ran a scan (we have subscription for Norton 360) and it said everything was fine. I logged into a different user and didn’t see it, so it was isolated to my wife’s login, apparently. I logged back in to her account and within a minute was bombarded with all the noxious dialogs.
I found the problematic file to be C:\Users\Roxanne\AppData\Local\av.exe (my wife’s name is not Roxanne – this is to preserve her anonymity 🙂 ). I deleted that file, along with another file in that same folder with a funny name like n0al that had the system attribute set, and was created this morning same time as the av.exe, but was being modified throughout the day. I searched the entire hard drive for other files with a create date of today and found nothing else suspect. It does appear that at 7:41am there was a Java update done, which could have been the means by which this bad boy got in the door.
I then looked for av.exe in the registry and found it buried in .exe and secfile keys under HKEY_USERS\S-1-5-21-601332560-1032211926-102831608-1001\Software\Classes. Note that there were several different long-name keys like the above under HKEY_USERS, but only this one had the bad info. I have a Windows 7 machine myself, and checked that registry, and found no keys at all for .exe or secfile under HKU\…\Software\Classes, so I deleted the entire .exe and secfile keys from the registry.
There was also an muicache entry for it, which I think was probably benign since I deleted the av.exe file, but I deleted that key from the registry as well. This seems to have done the trick.
Hope this helps someone!
I just got hit with WAP this morning. Windows Vista.
At first, there were just lots of annoying pop-up ads. I wasn’t sure if this was trial software that had come with my computer, rather than a legitimate problem. After a few hours, it began to refuse to allow me to open applications. At this point, I realized I need to take action. I downloaded malwarebytes AND Spyware Doctor to an alternate laptop, and introduced them to my comp via flash drive. It did not want to open the files (repeatedly asking “which program would you like to use to open this?” but then refusing to do so). However, I got by this by right-clicking and selecting “Open as administrator.” I installed both programs, and ran malwarebytes, which found 3 infections. I deleted them, and it said it needed to restart my computer. I restarted. Now my computer is giving me an error message and won’t start windows, either in safe or normal mode. This blows.
can you help me, my notebook can’t read flashdisk… thanks